
AWS OpenSearch Domain Does Not Have TLS 1.2 Encryption

Overview

This control checks whether connections to OpenSearch domains are required to use TLS 1.2. The check fails if the TLSSecurityPolicy of the OpenSearch domain is not set to Policy-Min-TLS-1-2-2019-07.

HTTPS (TLS) helps prevent attackers from using person-in-the-middle or similar attacks to eavesdrop on or manipulate network traffic. Only encrypted connections over HTTPS (TLS) should be allowed. Encrypting data in transit can affect performance, so test your application with TLS enabled to understand its performance profile and the impact of TLS. TLS 1.2 provides several security enhancements over previous versions of TLS.
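The pass/fail rule above, applied offline to records shaped like the `DomainStatusList` returned by the OpenSearch `DescribeDomains` API. This is an added example, not the vendor's implementation of the control; the domain names and sample records are constructed, and treating a record with no `TLSSecurityPolicy` as failing is an assumption made here.

```python
"""Offline evaluation of the TLS policy check on constructed sample records."""

REQUIRED_POLICY = "Policy-Min-TLS-1-2-2019-07"  # value named on this page
ITEM_TYPE = "AWS::OpenSearch::Domain"           # item type named on this page

# Constructed sample data shaped like DescribeDomains' DomainStatusList;
# the domain names and settings are made up for illustration.
SAMPLE_DOMAINS = [
    {"DomainName": "logs-prod",
     "DomainEndpointOptions": {"EnforceHTTPS": True,
                               "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07"}},
    {"DomainName": "logs-legacy",
     "DomainEndpointOptions": {"EnforceHTTPS": True,
                               "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07"}},
    {"DomainName": "search-dev",
     "DomainEndpointOptions": {"EnforceHTTPS": False}},  # policy key absent
    {"DomainName": "search-old"},                         # options block absent
]


def evaluate_domain(status):
    """Return one finding dict for a single domain status record."""
    options = status.get("DomainEndpointOptions") or {}
    policy = options.get("TLSSecurityPolicy")
    passed = policy == REQUIRED_POLICY
    if passed:
        reason = "TLSSecurityPolicy is " + REQUIRED_POLICY
    elif policy is None:
        # Assumption: a record without the field fails (fail closed).
        reason = "TLSSecurityPolicy is not present in DomainEndpointOptions"
    else:
        reason = "TLSSecurityPolicy is " + policy
    return {"item_type": ITEM_TYPE,
            "domain": status.get("DomainName", "<unknown>"),
            "status": "PASS" if passed else "FAIL",
            "policy": policy,
            "enforce_https": options.get("EnforceHTTPS"),  # informational only
            "reason": reason}


def evaluate_all(domains):
    """Evaluate every record and return findings, failures first."""
    findings = [evaluate_domain(d) for d in domains]
    return sorted(findings, key=lambda f: (f["status"] != "FAIL", f["domain"]))


if __name__ == "__main__":
    for f in evaluate_all(SAMPLE_DOMAINS):
        print(f"{f['status']:4} {f['domain']:12} {f['reason']}")
```

To run it against a live account, pass in the `DomainStatusList` from a `DescribeDomains` call in place of `SAMPLE_DOMAINS`.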

Vendor

AWS

Cloud Service

OpenSearch

Opensearch.8

Severity

3

Item Types

AWS::OpenSearch::Domain